manualshive.com logo in svg

Blackberry Enterprise Server 5.0 sp2, User Manual

Blackberry Enterprise Server 5.0 sp2 provides seamless integration for secure communication and data management. Access the free user manual for installation and configuration guidance. Download the manual from our website for comprehensive instructions on maximizing the features of this powerful server software.

Share
Download
background image

Defining measures to protect BlackBerry devices from unauthorized use

Scenario

Example IT policy rule

Example value

Extend your organization's password policy to
BlackBerry® devices. Lock the BlackBerry device
automatically, regardless of user activity.

Enable Long-Term Timeout

Yes

Prompt the user to type a password, whether the
BlackBerry device is idle or in use.

Periodic Challenge Time

60 (minutes that can elapse
before the user must type a
password)

Lock the BlackBerry device automatically when a
user inserts it in the holster.

Force Lock When Holstered

Yes

Lock the BlackBerry device automatically after a
period of user inactivity.

Maximum Security Timeout

10 (minutes of idle time that is
permitted before the BlackBerry
device locks)

Defining the encryption strength that the BlackBerry device uses to protect
data

Scenario

Example IT policy rule

Example value

Protect user and application data on the
BlackBerry® device.

Content Protection Strength

Yes

Protect the device transport key on a
locked BlackBerry device.

Force Content Protection of Master Key Yes

Specify the level of FIPS compliance on
the BlackBerry device.

FIPS Level

2

Specify the algorithms that the
BlackBerry device uses to encrypt and
decrypt PGP® messages.

PGP Allowed Content Ciphers

AES (256-bit), AES (192-bit), AES (128-
bit), and Triple DES

Specify the algorithms that the
BlackBerry device uses to encrypt and
decrypt S/MIME messages.

S/MIME Allowed Content Ciphers

AES (256-bit), AES (192-bit), AES (128-
bit), and Triple DES

Policy Reference Guide

Defining measures to protect BlackBerry devices from unauthorized use

329

Summary of Contents for Enterprise Server 5.0 sp2

Page 1: ...BlackBerry Enterprise Server Version 5 0 Service Pack 2 Policy Reference Guide...

Page 2: ...Published 2010 06 16 SWDT323212 1063796 0616124539 001...

Page 3: ...Force Load Message IT policy rule 29 Forward Messages In Cradle IT policy rule 30 Message Conflict Mailbox Wins IT policy rule 30 Message Prompt IT policy rule 31 Show Application Loader IT policy rul...

Page 4: ...on List IT policy rule 48 Disable Application Purchasing IT policy rule 48 Enable Wireless Service Provider Billing IT policy rule 49 BlackBerry Messenger policy group 49 Disable BlackBerry Messenger...

Page 5: ...raffic Inactivity Timeout IT policy rule 62 Maximum PC Disconnected Timeout IT policy rule 62 Maximum PC Long Term Timeout IT policy rule 63 Maximum Smart Card Not Present Timeout IT policy rule 64 Mi...

Page 6: ...in Browser IT policy rule 76 Disable JavaScript in Browser IT policy rule 77 Download Images URL IT policy rule 77 Download Themes URL IT policy rule 78 Download Tunes URL IT policy rule 78 MDS Browse...

Page 7: ...policy group 91 Allow Chalk Pushcast Player Auto Update Prompt IT policy rule 91 Allow Chalk Pushcast Player Roaming IT policy rule 91 Allow Launch of Chalk Pushcast Player IT policy rule 92 Chalk Pu...

Page 8: ...ynchronization IT policy rule 106 Force updates for application loader tool IT policy rule 107 Generate Encrypted Backup Files IT policy rule 107 Override Check For Updates URL IT policy rule 107 Devi...

Page 9: ...olicy rule 119 External Display policy group 120 Display Notification Details IT policy rule 120 Include Message Text in Notification Details IT policy rule 120 Firewall policy group 121 Restrict Inco...

Page 10: ...licy rule 132 Memory Cleaner policy group 132 Force Memory Clean When Closed IT policy rule 132 Force Memory Clean When Holstered IT policy rule 133 Force Memory Clean When Idle IT policy rule 133 Mem...

Page 11: ...thod IT policy rule 150 PGP Universal Policy Cache Timeout IT policy rule 151 PGP Universal Server Address IT policy rule 151 Phone policy group 152 Outgoing Call Redirection IT policy rule 152 RIM Va...

Page 12: ...al Connections IT policy rule 164 Allow Outgoing Call When Locked IT policy rule 164 Allow Resetting of Idle Timer IT policy rule 165 Allow Screen Shot Capture IT policy rule 165 Allow Smart Card Pass...

Page 13: ...tificate Status Checks IT policy rule 183 Disable Stale Status Use IT policy rule 183 Disable Untrusted Certificate Use IT policy rule 184 Disable Unverified Certificate Use IT policy rule 184 Disable...

Page 14: ...ng Key Store Security Level IT policy rule 201 Password Required for Application Download IT policy rule 201 Require Secure APB Messages IT policy rule 202 Required Password Pattern IT policy rule 202...

Page 15: ...18 Allow Public WLM Services IT policy rule 218 Allow Public Yahoo Messenger Services IT policy rule 218 Allow Network Address Book Sync IT policy rule 219 SIM Application Toolkit policy group 219 Dis...

Page 16: ...ity IT policy rule 232 Require Password IT policy rule 232 VoIP policy group 233 Allow VoIP IT policy rule 233 Disable VoIP User Profiles IT policy rule 233 SIP Authentication ID IT policy rule 234 SI...

Page 17: ...policy rule 247 VPN IPSec Cipher and Hash IT policy rule 247 VPN Minimal Certificate Encryption Key Security Level IT policy rule 248 VPN NAT Keep Alive IT policy rule 248 VPN Password Hidden on Input...

Page 18: ...Encryption Key Security Level IT policy rule 262 Wi Fi Password Hidden on Input IT policy rule 262 Wi Fi Preshared Key IT policy rule 263 Wi Fi Primary DNS IT policy rule 263 Wi Fi Profile Forwarding...

Page 19: ...configuration setting 278 SIP Authentication ID configuration setting 278 SIP Domain configuration setting 279 SIP Local Port configuration setting 279 SIP Realm configuration setting 279 SIP Registr...

Page 20: ...PSec Cipher and Hash configuration setting 293 VPN Minimal Certificate Encryption Key Security Level configuration setting 293 VPN NAT Keep Alive configuration setting 294 VPN PFS configuration settin...

Page 21: ...i Fi Link Security configuration setting 306 Wi Fi Minimal EAP TLS Certificate Encryption Key Security Level configuration setting 307 Wi Fi Preshared Key configuration setting 307 Wi Fi Primary DNS c...

Page 22: ...be Modified application control policy rule 322 Is Access to the File API Allowed application control policy rule 322 Is Access to the Media API Allowed application control policy rule 322 Is Access t...

Page 23: ...ng user control of third party applications on BlackBerry devices 332 Preventing RIM value added applications from running on BlackBerry devices 332 6 Glossary 334 7 Provide feedback 340 8 Legal notic...

Page 24: ...on might not For more information contact your organization s device supplier Devices that are running the BlackBerry Application Suite can use all the IT policy rules that are associated with the sup...

Page 25: ...otheAdvancedSecurityITpolicy thisITpolicyrequiresacomplexpassword that a user must change frequently a password timeout that locks the BlackBerry device and a maximum password history This policy rest...

Page 26: ...alue Added Applications Deactivate eBay for BlackBerry smartphones RIM Value Added Applications Disable Feeds application 6 0 RIM Value Added Applications Enable the Tell A Friend Feature in BlackBerr...

Page 27: ...0 BlackBerry Desktop Software version 3 5 or BlackBerry Web Desktop Manager version 1 0 BlackBerry Enterprise Server version 3 5 for Microsoft Exchange BlackBerry Enterprise Server version 4 0 for IB...

Page 28: ...st configure the Auto Backup Include All IT policy rule to No Minimum requirements BlackBerry Application Suite version 1 0 BlackBerry Desktop Software version 3 5 or BlackBerry Web Desktop Manager ve...

Page 29: ...nd restore tool options the Backup all device application data option is selected If you configure the Auto Backup Exclude Sync or Auto Backup Exclude Messages IT policy rules to Yes change this rule...

Page 30: ...value is No The BlackBerry device saves a copy of each email message that a user sends Usage Change this rule to Yes to prevent the storage of email messages that a user sends from a BlackBerry devic...

Page 31: ...Wise Exceptions The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only Force Load Message IT policy rule Description This rule specifies...

Page 32: ...t Exchange or BlackBerry Enterprise Server version 4 0 for IBM Lotus Domino Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule Message Conflict Mailbox Wins IT...

Page 33: ...in the BlackBerry Desktop Manager and the BlackBerry Web Desktop Manager Default value The default value is Yes Usage Change this rule to No to hide the Device Software tab in the BlackBerry Web Deskt...

Page 34: ...ersion 4 0 for IBM Lotus Domino Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule Synchronize Messages Instead Of Importing IT policy rule Description This ru...

Page 35: ...erry Enterprise Server version 4 0 for IBM Lotus Domino Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule Web Link URL IT policy rule Description This rule sp...

Page 36: ...versions 1 2 2 0 2 1 or 4 0 BlackBerry Enterprise Server version 3 5 for Microsoft Exchange BlackBerry Enterprise Server version 4 0 for IBM Lotus Domino or BlackBerry Enterprise Server version 4 0 f...

Page 37: ...rry Device Software version 4 0 or later Allow SMS IT policy rule Description This rule specifies whether a user can send SMS text messages Default value The default value is Yes Usage Change this rul...

Page 38: ...Novell GroupWise supports this rule in BlackBerry Device Software version 4 0 or later Enable Long Term Timeout IT policy rule Description This rule specifies whether a BlackBerry device locks after...

Page 39: ...er uses the WAP service for MMS messaging Minimum requirements Java based BlackBerry device BlackBerry Connect versions 2 1 4 0 BlackBerry Device Software version 3 6 BlackBerry Enterprise Server vers...

Page 40: ...nts C based BlackBerry device that is running BlackBerry Device Software version 2 5 Java based BlackBerry device that is running BlackBerry Device Software version 3 6 BlackBerry Application Suite ve...

Page 41: ...m Security Timeout IT policy rule Description This rule specifies the maximum time in minutes that a BlackBerry device user can specify as the security timeout value The security timeout value is the...

Page 42: ...5 Java based BlackBerry device that is running BlackBerry Device Software version 3 6 BlackBerry Application Suite version 1 0 BlackBerry Connect versions 1 2 2 0 2 1 or 4 0 BlackBerry Enterprise Serv...

Page 43: ...ng BlackBerry Device Software version 2 5 Java based BlackBerry device that is running BlackBerry Device Software version 3 6 BlackBerry Application Suite version 1 0 BlackBerry Connect version 1 2 2...

Page 44: ...onnect versions 1 2 2 0 2 1 4 0 BlackBerry Device Software version 3 6 BlackBerry Enterprise Server version 3 5 for Microsoft Exchange BlackBerry Enterprise Server version 4 0 for IBM Lotus Domino or...

Page 45: ...he BlackBerry Browser is available on a BlackBerry device Default value The default value is Yes Usage This rule does not affect other browsers such as the WAP browser For more information about the b...

Page 46: ...BlackBerry Enterprise Server version 4 0 for Novell GroupWise Exceptions The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4 0 or later Au...

Page 47: ...evice user from accessing the application center Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 3 BlackBerry Enterprise Server version 4 1 SP6 Disable Carrier D...

Page 48: ...le replaces the Disable BlackBerry App World IT policy rule in the Security policy group Minimum requirements Java based BlackBerry device BlackBerry Device Software 4 5 BlackBerry Enterprise Server 5...

Page 49: ...ebstore and click Get Details for the application The application ID is the number that is located at the end of the URL for the application Dependencies You must configure the Application Restriction...

Page 50: ...or example if you want to prevent a user from purchasing and downloading applications from the Entertainment Games and Shopping categories type 7 1 45 Default values The default value is a null value...

Page 51: ...ice provider Default values The default value is No A user cannot purchase applications from BlackBerry App World using the purchasing plan for your organization s wireless service provider Usage If y...

Page 52: ...ers of BlackBerry Messenger groups send to each other You can prevent users from participating in BlackBerry Messenger groups if your organization s security policies require you to audit all informat...

Page 53: ...ontact list for the BlackBerry Messenger in the BlackBerry Infrastructure Default value The default value is No A BlackBerry device user can store a contact list in the BlackBerry Infrastructure Usage...

Page 54: ...Device Software version 4 6 BlackBerry Enterprise Server version 4 1 SP6 Disallow Setting a Subject on Conversations IT policy rule Description This rule specifies whether a BlackBerry device user ca...

Page 55: ...ages in a report the report includes the date that a user sent the messages The date is the time on the device converted into UTC time Minimum requirements Java based BlackBerry device BlackBerry Appl...

Page 56: ...rted into UTC time Minimum requirements Java based BlackBerry device BlackBerry Application Suite 1 0 BlackBerry Device Software 3 6 BlackBerry Enterprise Server 4 0 SP2 Messenger Audit UID IT policy...

Page 57: ...connect On BlackBerry option to prevent a BlackBerry device from reconnecting automatically to a BlackBerry Smart Card Reader Select the Disable Auto Reconnect On PC option to prevent a computer from...

Page 58: ...r If you change this rule to Yes the user cannot turn off this feature on the computer Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Se...

Page 59: ...onnection between a BlackBerry device and a BlackBerry Smart Card Reader closes that the disconnected timeout expires The permitted range is 0 through 604 800 seconds Default value The default value i...

Page 60: ...imeout IT policy rule Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 SP2 BlackBerry Smart Card Reader software versio...

Page 61: ...er software version 1 0 Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule Maximum Connection Heartbeat Period IT policy rule Description This rule specifies t...

Page 62: ...ion 4 0 SP2 BlackBerry Smart Card Reader software version 1 0 Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule Maximum Number of BlackBerry Transactions IT p...

Page 63: ...mart Card Reader software version 1 5 Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule Maximum Number of PC Transactions IT policy rule Description Thisrules...

Page 64: ...lt value The default value is a null value The secure pairing information is not deleted from the computer Usage If you configure this rule the user cannot turn off this feature but can change the Ina...

Page 65: ...rd Reader establish secure pairing information before the computer and BlackBerry Smart Card Reader delete the secure pairing information The permitted range is 1 through 720 hours Default value The d...

Page 66: ...Enterprise Server version 4 0 SP2 BlackBerry Smart Card Reader software version 1 5 Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule Minimum PIN Entry Mode...

Page 67: ...rsion 4 2 2 BlackBerry Enterprise Server version 4 1 SP6 Disable Unite Applications IT policy rule Description This rule specifies whether to prevent applications for the BlackBerry Unite software fro...

Page 68: ...a with a supported Bluetooth enabled device Default values The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes A BlackBerry device cannot...

Page 69: ...lt value is No Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 2 BlackBerry Enterprise Server version 4 1 SP4 Disable Bluetooth IT policy rule Description This...

Page 70: ...Up Networking IT policy rule Description This rule specifies whether to prevent a BlackBerry device from using the Bluetooth DUN profile Default value The default value is No Minimum requirements Jav...

Page 71: ...IT policies is No Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 BlackBerry Enterprise Server version 4 0 SP6 Disable Handsfree Profile IT policy rule Descrip...

Page 72: ...example a headset that uses MAP can retrieve email messages and SMS text messages from or upload email messages and SMS text messages to a Bluetooth enabled BlackBerry device Default value The default...

Page 73: ...pportsthisruleinBlackBerryDeviceSoftwareversion4 0andlater Disable Serial Port Profile IT policy rule Description This rule specifies whether a BlackBerry device can use the Bluetooth SPP Default valu...

Page 74: ...6 Disable Wireless Bypass IT policy rule Description This rule specifies whether a BlackBerry device can use wireless bypass using Bluetooth technology Default value The default value is Yes Minimum r...

Page 75: ...ckBerry device uses this rule only if you configure the Disable Discovery Mode IT policy rule to No Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 5 BlackBerry...

Page 76: ...e Default values The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes The default value in all other preconfigured IT policies is No Minim...

Page 77: ...version 4 0 SP3 Browser policy group The rules in the Browser policy group apply to all browser configurations on the BlackBerry device Allow Application Download Services IT policy rule Description...

Page 78: ...prise Server version 4 1 SP6 Allow IBS Browser IT policy rule Description This rule specifies whether a BlackBerry Internet Service Browsing icon appears on a BlackBerry device if the appropriate serv...

Page 79: ...ript code on a BlackBerry device Default value The default value is No Minimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Connect version 4 0 interna...

Page 80: ...es for a BlackBerry device Default value The default value is a null value Minimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Device Software version...

Page 81: ...fix the domain with a period For example type yahoo ca to permit the BlackBerry Browser to retrieve all sub domains of yahoo ca such as mail yahoo ca www yahoo ca Minimum requirements Java based Black...

Page 82: ...rry Enterprise Server version 4 0 SP2 MDS Browser Style Sheets Enabled IT policy rule Description This rule specifies whether style sheets in the BlackBerry Browser are turned on Default value The def...

Page 83: ...appears on the Home screen of the BlackBerry device Default value The default value is No Minimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Device...

Page 84: ...was Certificate Authority Profile policy group Allow Private Key Export IT policy rule Description This rule specifies whether to prevent a user from exporting private keys that are included in the c...

Page 85: ...nitial certificate enrollment process does not complete a BlackBerry device uses this rule to specify a retry time for the enrollment process Minimum requirements Java based BlackBerry device BlackBer...

Page 86: ...MDSConnectionServicecanusetoconnecttothecertificationauthority The permitted range is 0 through 65535 The previous name of this rule was Certificate Authority Port Default value The default value is 8...

Page 87: ...starts the certificate enrollment process automatically after the BlackBerry Enterprise Server pushes the IT policy to the BlackBerry device The user can cancel the enrollment process when the BlackBe...

Page 88: ...user name from the email address to the common name but not the at sign or domain information Dependency If you change the Certification Authority Type rule to Microsoft Enterprise certification auth...

Page 89: ...tinguished name of the certificate for example C Country O Organization OU Organizational Unit Default value The default value is a null value Usage A BlackBerry device accepts certificates only if th...

Page 90: ...of 64 If you change the Key Algorithm rule to DSA you must configure the key size to be 512 768 or 1024 bits If you configure an unsupported key size a BlackBerry device chooses the next strongest ke...

Page 91: ...te ID Default value The default value is a null value Usage You must map this value to the MD5 certificate ID for example 2094a3d152b66fb45ea69501970511f9 that the administrator of the RSA certificati...

Page 92: ...iption This rule specifies a web address that produces random data for example a web site for a white noise machine If the S MIME Support Package for BlackBerry Smartphones version 4 0 or later is ins...

Page 93: ...ue The default value is Yes Usage Change this rule to No if you do not want the Chalk Pushcast Player to prompt the user when an update is available Minimum requirements Java based BlackBerry device B...

Page 94: ...ackBerry device BlackBerry Enterprise Server 5 0 SP2 Chalk Pushcast Player Default Connection Type IT policy rule Description This rule specifies the default connection type that the Chalk Pushcast Pl...

Page 95: ...from the Chalk Pushcast Software over the wireless network in a one month period Default value The default value is 1 The data limit is unlimited Usage Change the value to 0 to prevent the Chalk Pushc...

Page 96: ...re over the mobile network Change the value of this rule to Only use Wi Fi to permit only Wi Fi enabled BlackBerry devices to download content from the Chalk Pushcast Software and to permit the Wi Fi...

Page 97: ...ckBerry Device Software version 4 0 BlackBerry Connect version 4 0 BlackBerry Enterprise Server version 4 0 and earlier Confirm On Send IT policy rule Description This rule specifies whether users mus...

Page 98: ...ng and receiving MMS messages For more information see the BlackBerry Enterprise Solution Security Technical Overview Dependencies To block incoming MMS messages in the Security policy group configure...

Page 99: ...er version 4 1 SP5 Enable Simultaneous Phone and Data IT policy rule Description This rule specifies whether a BlackBerry device user can send and receive data during a phone call Default value The de...

Page 100: ...erry device You can lock the Information field the Name field or both fields Default value The default value is a null value Usage Configure this rule to Lock Information text that is defined using th...

Page 101: ...Dependencies The Set Owner Info IT policy rule is related to the Lock Owner Info IT policy rule Minimum requirements C based BlackBerry device that is running BlackBerry Device Software version 2 7 J...

Page 102: ...BlackBerry device including the synchronization of time zone information Automatic Time Zone Change Detection IT policy rule Description This rule specifies whether a BlackBerry device can update the...

Page 103: ...whether a BlackBerry device can automatically synchronize its real time clock with a time source on the wireless network Default value The default value is Yes A BlackBerry device can synchronize its...

Page 104: ...5 0 BlackBerry Enterprise Server version 5 0 SP1 Desktop policy group Allow BlackBerry Desktop Software Statistics IT policy rule Description This rule specifies whether the BlackBerry Desktop Softwa...

Page 105: ...ication IT policy rule Description This rule specifies whether a BlackBerry device user can use the integrated IP modem application in the BlackBerry Desktop Manager Default value The default value is...

Page 106: ...ckBerry Desktop Software can run add in applications such as third party COM based extensions that access BlackBerry device databases during synchronization Default value The default value is Yes Mini...

Page 107: ...Berry Web Desktop Manager caches the BlackBerry device password in memory The permitted range is 0 through 720 minutes Default value The default value is 10 minutes Usage If you change this rule to 0...

Page 108: ...using the media manager tool Minimum requirements BlackBerry Connect version 4 0 internal BlackBerry Desktop Software version 4 2 BlackBerry Enterprise Server version 4 0 SP6 Exceptions The BlackBerr...

Page 109: ...he user must update it manually Minimum requirements BlackBerry Desktop Software 5 0 SP1 BlackBerry Enterprise Server 5 0 SP2 Generate Encrypted Backup Files IT policy rule Description This rule speci...

Page 110: ...BlackBerry device BlackBerry Device Software version 4 2 BlackBerry Enterprise Server version 4 0 SP6 Set Diagnostic Report Email Address IT policy rule Description This rule specifies one or more em...

Page 111: ...lackBerry device BlackBerry Device Software version 4 5 with the DataViz Documents to Go application installed BlackBerry Enterprise Server version 4 1 SP5 Hide Documents To Go Communication Menus IT...

Page 112: ...Email Messaging policy group The rules in the Email Messaging policy group apply to wireless message reconciliation and attachment viewing Allow Auto Attachment Download IT policy rule Description Th...

Page 113: ...kBerry Application Suite version 1 0 BlackBerry Connect version 4 0 BlackBerry Device Software version 4 2 for messages and version 5 0 for calendar entries BlackBerry Enterprise Server version 3 5 fo...

Page 114: ...an send email messages that include embedded forms Default value The default value is No Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 5 BlackBerry Enterprise...

Page 115: ...forward or reply to IBM Lotus Domino encrypted email messages that were received decrypted and decompressed on the BlackBerry device Usage If you change this rule to Yes a BlackBerry device user canno...

Page 116: ...r version 3 5 for Microsoft Exchange BlackBerry Enterprise Server version 4 0 for IBM Lotus Domino or BlackBerry Enterprise Server version 4 0 for Novell GroupWise Exceptions The BlackBerry Enterprise...

Page 117: ...umtime indays thataBlackBerry devicekeepssavedmessages Thepermittedrangeis 1through 180 days Default value The default value is 1 A BlackBerry device keeps messages indefinitely Usage Configure this r...

Page 118: ...interacts with the Maximum Upload Attachment Size field in the BlackBerry Manager If you configure the fields the BlackBerry Enterprise Server sends the values to the device using service books The de...

Page 119: ...res the IBM Lotus Notes id password that a user types The permitted range is 1 through 32 767 Default value The default value is 1 which indefinitely stores the password that the user types Usage Chan...

Page 120: ...Change this rule to Yes to permit a user to send messages using IBM Lotus Notes encryption If necessary the BlackBerry device prompts a user for the IBM Lotus Notes encryption passwords A BlackBerry...

Page 121: ...ersion 4 1 SP4 Disable Enterprise Voice Client IT policy rule Description This rule specifies whether enterprise voice is available on a BlackBerry device Default value The default value is No Minimum...

Page 122: ...display of BlackBerry Pearl 8220 and BlackBerry 8210 smartphones Default value The default value is Always Usage Change this rule to Never to never display notification messages on the external displa...

Page 123: ...lue Usage Type one or more fixed dialing patterns for example specific dialing numbers or a set of dialing numbers that have the same prefix separated by a semi colon To receive calls to numbers that...

Page 124: ...ded by the number one or a plus sign and the number one only type 1 1 r To prevent calls that use a specific pattern append r to the pattern For example type 011 r to prevent calls that use the format...

Page 125: ...er can permit collaboration clients that were previously logged into a BlackBerry device to log back in automatically after the BlackBerry device restarts or enters a wireless coverage area again Defa...

Page 126: ...ticons and allows a user to add emoticons to conversations Default value The default value is No The collaboration client on a BlackBerry device displays emoticons and makes them available in conversa...

Page 127: ...re version 4 2 BlackBerry Enterprise Server version 4 1 SP6 Disallow File Transfer Types IT policy rule Description This rule specifies the types of files that a BlackBerry device user cannot send usi...

Page 128: ...cation Service IT policy rule Description ThisrulespecifieswhetheraBlackBerry devicecanusethegeolocationservicetoidentifythegeographiclocationofaBlackBerry device user Default value The default value...

Page 129: ...device user to require that a BlackBerry device report its location to the BlackBerry Enterprise Server at regular intervals You can use the Enterprise Location Tracking Interval IT policy rule to ch...

Page 130: ...icy group Allow Access to Multiple Domains IT policy rule Description This rule specifies whether to permit users to install a BlackBerry MDS Runtime Application that uses multiple web services on a B...

Page 131: ...4 0 SP6 and later The default value is No Minimum requirements Java based BlackBerry device BlackBerry Application Suite 1 0 BlackBerry Device Software 4 2 BlackBerry Enterprise Server 4 1 SP2 Disabl...

Page 132: ...y Enterprise Server version 4 0 SP6 Enable Access to Device Data for MDS Runtime 4 3 0 and earlier IT policy rule Description This rule specifies whether BlackBerry MDS Runtime version 4 3 0 and earli...

Page 133: ...ion This rule specifies the maximum number of incoming messages from BlackBerry MDS Runtime that can be queued locally on a BlackBerry device The permitted range is 0 through 1000 messages Default val...

Page 134: ...a based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Device Software version 4 2 BlackBerry Enterprise Server version 4 0 SP6 Memory Cleaner policy group For more information...

Page 135: ...does not support this rule Force Memory Clean When Idle IT policy rule Description This rule specifies whether a BlackBerry device cleans its memory during periods of user inactivity Default value The...

Page 136: ...lackBerry Device Software version 3 6 BlackBerry Enterprise Server version 4 0 SP3 Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule On Device Help policy gro...

Page 137: ...ed IT policy rule to Yes For more information about using passwords on BlackBerry devices see the BlackBerry Enterprise Solution Security Technical Overview Duress Notification Address IT policy rule...

Page 138: ...ue The default value is a null value Usage By default a BlackBerry device prevents a user from configuring passwords that use a natural sequence of characters or numbers The BlackBerry device also aut...

Page 139: ...kBerry device locks and prompts a user to type a password regardless of whether the BlackBerry device was active during that interval Default value By default if you change the Enable Long Term Timeou...

Page 140: ...priseServerforNovell GroupWise supportsthisruleinBlackBerryDeviceSoftwareversions4 0andlater Set Password Timeout IT policy rule Description This rule specifies the number of minutes of inactivity bef...

Page 141: ...Dependencies The BlackBerry device uses this rule only if a password is configured on the BlackBerry device To require a password configure the Password Required rule to Yes To specify the number of...

Page 142: ...eless Synchronization IT policy rule Description This rule specifies whether wireless data synchronization is turned off Default value The default value is No Usage Change this rule to Yes to turn off...

Page 143: ...e database for the BlackBerry Messenger is turned off Default value The default value is Yes The message database for the BlackBerry Messenger does not synchronize wirelessly Usage When you change thi...

Page 144: ...ation Suite 1 0 BlackBerry Device Software 4 2 BlackBerry Enterprise Server 4 0 SP6 Disable Memopad Wireless Sync IT policy rule Description This rule specifies whether wireless data synchronization f...

Page 145: ...turned off Default value The default value is Yes Usage If you change this rule to No the BlackBerry Enterprise Server logs all PIN messages in unencrypted format to the log file that you specify Make...

Page 146: ...Minimum requirements C based BlackBerry device that is running BlackBerry Device Software version 2 7 Java based BlackBerry device that is running BlackBerry Device Software version 4 0 BlackBerry Ap...

Page 147: ...g the PGP Support Package for BlackBerry smartphones For more information about using the PGP Support Package for BlackBerry smartphones see the PGP Support Package for BlackBerry Devices Security Tec...

Page 148: ...is Automatic A BlackBerry device requests decrypted attachment information from the BlackBerry Enterprise Server automatically when users open PGP protected messages that contain attachments Minimum r...

Page 149: ...oupWise does not support this rule PGP Force Digital Signature IT policy rule Description This rule specifies whether a BlackBerry device digitally signs all PGP protected messages that it sends Defau...

Page 150: ...Novell GroupWise does not support this rule PGP Minimum Strong DH Key Length IT policy rule Description This rule specifies the minimum Diffie Hellman key size in bits to use with PGP protected messa...

Page 151: ...cation Suite version 1 0 BlackBerry Device Software version 4 1 BlackBerry Enterprise Server version 4 0 SP2 Exceptions The BlackBerry Enterprise Server for Novell GroupWise does not support this rule...

Page 152: ...irements Java based BlackBerry device BlackBerry Device Software version 5 1 BlackBerry Enterprise Server version 5 0 SP1 PGP Universal Enrollment Method IT policy rule Description This rule specifies...

Page 153: ...rprise Server for Novell GroupWise does not support this rule PGP Universal Server Address IT policy rule Description This rule specifies the address of your organization s PGP Universal Server The PG...

Page 154: ...at the user calls using voice activated dialing or Bluetooth technology or a phone number that the user provides manually To forward outgoing calls on devices you must configure the value of this rule...

Page 155: ...a BlackBerry device user can change the web address for the BlackBerry Social Networking Application Proxy on a BlackBerry device Default value The default value is Yes A user can change the web addr...

Page 156: ...rry Enterprise Server version 4 1 SP7 Allow TiVo for BlackBerry application IT policy rule Description This rule specifies whether the TiVo for BlackBerry application on the BlackBerry device is turne...

Page 157: ...n Proxy that the BlackBerry Client for IBM Lotus Quickr uses for example https server_name port qkr 100 services Default value The default value is a null value Usage If you configure this rule you ca...

Page 158: ...rule specifies whether to prevent the ecommerce content optimization engine for the BlackBerry Browser from running on a BlackBerry device Default value The default value is No Minimum requirements B...

Page 159: ...ule specifies whether a BlackBerry device must prevent social networking applications from accessing organizer data Default value The default value is Yes Social networking applications such as Facebo...

Page 160: ...rry device user can use the Tell a Friend feature in the BlackBerry Client for IBM Lotus Connections to recommend the BlackBerry Client for IBM Lotus Connections to another person Default value The de...

Page 161: ...mum requirements BlackBerry Enterprise Server version 4 1 SP6 Lotus Connections Blogs Server IT policy rule Description This rule specifies the address of the server that hosts the IBM Lotus Connectio...

Page 162: ...at hosts the IBM Lotus Connections Dogear component Default value The default value is a null value Usage If you configure this rule users can use the specified server address only If you do not confi...

Page 163: ...ile system If you change this rule to Yes a user cannot run BlackBerry Podcasts on a device Minimum requirements Java based BlackBerry device BlackBerry Device Software 6 0 BlackBerry Desktop Software...

Page 164: ...lackBerry Desktop Software 6 0 BlackBerry Enterprise Server 5 0 SP2 Secure Email policy group The IT policy rules in the Secure Email policy group apply to BlackBerry devices that are running the S MI...

Page 165: ...a signed email message and the sender s email address does not appear in the certificate or the PGP key that was used to sign the email message Default value The default value is No Usage Consider ch...

Page 166: ...plications can initiate internal connections for example to the BlackBerry MDS Connection Service Default value The default value is Yes Minimum requirements Java based BlackBerry device BlackBerry Ap...

Page 167: ...t value The default value is No Usage For more information about the inactivity timeout visit www blackberry com go apiref to read the EventInjector class and Backlight enable method in the API refere...

Page 168: ...erry Enterprise Server version 4 0 Allow Split Pipe Connections IT policy rule Description This rule specifies whether applications including third party applications can open internal and external co...

Page 169: ...e to specify whether applications can access the persistent store API Minimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Device Software version 3 6...

Page 170: ...priority over the Force Smart Card Two Factor Authentication IT policy rule For example if you configure this rule to prevent smart card authentication but the Force Smart Card Two Factor Authenticati...

Page 171: ...lackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5 0 process the Disallowed setting in the same way that they process the Required setting If the co...

Page 172: ...mory Media Files IT policy rule or instruct the BlackBerry device user to configure file encryption For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than ve...

Page 173: ...he device options Minimum requirements Java based BlackBerry device BlackBerry Device Software 6 0 BlackBerry Enterprise Server 5 0 SP2 Desktop Backup IT policy rule Description This rule specifies wh...

Page 174: ...AES algorithm to encrypt and decrypt data that they send between them Minimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Connect version 4 0 interna...

Page 175: ...e browser on a device Minimum requirements Java based BlackBerry device BlackBerry Device Software 6 0 BlackBerry Enterprise Server 5 0 SP2 Disable Certificate or Key Import From External Memory IT po...

Page 176: ...version 4 0 SP6 Disable Forwarding Between Services IT policy rule Description This rule specifies whether to prevent a BlackBerry device user from forwarding or replying to a message on a BlackBerry...

Page 177: ...re on a BlackBerry device is turned on Default value The default value is No Usage Change this rule to Yes to turn off the GPS feature and prevent applications on a BlackBerry device from accessing it...

Page 178: ...erry Enterprise Server for Microsoft Exchange version 3 6 Exceptions The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4 0 or later Disable...

Page 179: ...l is High For BlackBerry devices that are running BlackBerry Device Software version 4 0 or later the next highest security level is Medium Minimum requirements Java based BlackBerry device BlackBerry...

Page 180: ...or signed email messages Default value The default value is No Usage If you change this rule to Yes to send email messages the user must install the S MIME Support Package for BlackBerry smartphones o...

Page 181: ...alltheS MIMESupportPackageforBlackBerrysmartphones or the PGP Support Package for BlackBerry smartphones on a BlackBerry device You must also turn on S MIME message processing on the BlackBerry Enterp...

Page 182: ...logs an exception error message in the log file on the BlackBerry device resets the BlackBerry device and displays a Java 576 error removes the data that the application tries to save Attention If yo...

Page 183: ...connected The wireless transceiver remains on Usage Change this rule to Radio disabled when USB device is connected to turn off the wireless transceiver while the BlackBerry device is connected to a...

Page 184: ...her to prevent a user from using smart password entry when using two factor authentication If a user uses two factor authentication and a BlackBerry device password or authentication password is numer...

Page 185: ...s of certificates on the BlackBerry device never expires Minimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Device Software version 4 2 BlackBerry En...

Page 186: ...erry Enterprise Server for Microsoft Exchange version 3 6 Exceptions The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4 0 or later Disable...

Page 187: ...or BlackBerry Desktop Manager to a device or media card If you change this rule to Yes a device cannot access a media card that is connected to the USB port on the device When you transfer files usin...

Page 188: ...inimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Device Software version 3 6 BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise...

Page 189: ...ise Server for Novell GroupWise supports this rule for devices that are running BlackBerry Device Software 4 0 or later Encryption on On Board Device Memory Media Files IT policy rule Description If o...

Page 190: ...edia directories if the media card requires encryption with a password that the user provides Change this rule to Encrypt to User Password including multimedia directories if the media card requires e...

Page 191: ...ules are configured Password Required is configured to Yes Minimum Password Length is configured to 5 Suppress Password Echo is configured to Yes PGP Allowed Content Ciphers is configured to AES 256 b...

Page 192: ...es of messages were received A user can specify whether to block public PIN messages on a BlackBerry device A user cannot specify whether to block organization specific PIN messages on a BlackBerry de...

Page 193: ...lackBerry Enterprise Server version 4 0 SP3 Force Device Password Entry While User Authentication is Enabled IT policy rule Description This rule specifies whether a BlackBerry device user must type t...

Page 194: ...Berry Enterprise Server include the IT policy viewer Change this rule to Yes if you want the IT Policy Viewer icon to appear in the Application folder on the device If you change this rule to Yes a us...

Page 195: ...values The default value in the Default and Basic password security IT policies is No The default value in all other preconfigured IT policies is Yes Minimum requirements Java based BlackBerry device...

Page 196: ...Usage If you change this rule to Yes a BlackBerry device displays a key store notification message during the cached period when the user opens or sends an uncached secure email message If a user ope...

Page 197: ...ust have a smart card driver and a BlackBerry Smart Card Reader driver installed on the BlackBerry device Dependencies If you change this rule to Yes the BlackBerry Enterprise Server automatically con...

Page 198: ...ry device uses this rule only if you configure the Password Required and Force Smart Card Two Factor Authentication IT policy rules to Yes Minimum requirements Java based BlackBerry device BlackBerry...

Page 199: ...t Card Reader or when a proximity authenticator is out of range of the BlackBerry device Default value The default value in the Advanced security and Advanced security with No 3rd Party Applications I...

Page 200: ...ackBerry Device Software version 3 6 BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4 0 BlackBerry Enterprise Server for Microsoft Exchange version 3 6 Exceptions The B...

Page 201: ...vice uses this rule only if you configure the Password Required Force Smart Card User Authentication and Force Smart Card Two Factor Challenge Response IT policy rules to Yes Minimum requirements Java...

Page 202: ...terprise Server version 4 1 SP4 Minimal Encryption Key Store Security Level IT policy rule Description This rule specifies the minimum security level of the private key that a BlackBerry device uses t...

Page 203: ...key store password when accessing the private key to sign messages only if the password is cleared from the key store cache If you change this rule to High security a BlackBerry device always prompts...

Page 204: ...rise Server Default value The default value is No Usage A BlackBerry device can receive all email messages from the BlackBerry Enterprise Server that are not blocked at the BlackBerry device firewall...

Page 205: ...on 1 0 BlackBerry Device Software version 4 2 BlackBerry Enterprise Server version 4 0 SP6 Reset to Factory Defaults on Wipe IT policy rule Description This rule specifies whether a BlackBerry device...

Page 206: ...BlackBerry device that cannot receive IT policy updates or IT administration commands delete user data after a specific period of time Dependencies If you configure this rule to prevent deleting user...

Page 207: ...el is too low Minimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Device Software version 4 2 BlackBerry Enterprise Server version 4 0 SP6 Security Se...

Page 208: ...Enterprise Solution Security Technical Overview Default value The default value is a null value Usage To permit a third party encryption scheme to be used in conjunction with BlackBerry Enterprise So...

Page 209: ...ction on the BlackBerry device is designed to protect the content protection decryption keys with both a private key that is stored on a smart card and the BlackBerry device password When a user turns...

Page 210: ...ificate chains for the certificates that are used to sign messages that a BlackBerry device receives are strong enough Default value By default no algorithms are specified as weak Usage Specify a list...

Page 211: ...specifies the encryption algorithms that a BlackBerry device can use to encrypt S MIME protected messages Default value The default value is to use all supported algorithms Usage To maintain compatib...

Page 212: ...erry Device Software version 4 5 BlackBerry Enterprise Server version 4 1 SP5 S MIME Allowed Encryption Types IT policy rule Description This rule specifies the types of encryption that a BlackBerry d...

Page 213: ...rule Description This rule specifies whether a BlackBerry device sends all S MIME protected messages digitally signed Default value The default value is No Minimum requirements Java based BlackBerry...

Page 214: ...while the device is attached to a BlackBerry Smart Card Reader Default value The default value is No Minimum requirements Java based BlackBerry device S MIME Support Package for BlackBerry smartphones...

Page 215: ...ed messages The permitted range is 512 through 1024 bits Default value The default value is 1024 bits Minimum requirements Java based BlackBerry device S MIME Support Package for BlackBerry smartphone...

Page 216: ...The permitted range is 512 through 4096 bits Default value The default value is 1024 bits Minimum requirements Java based BlackBerry device S MIME Support Package for BlackBerry smartphones version 1...

Page 217: ...vices Default value The default value is Yes Usage Change this rule to No to require that a BlackBerry device send browser data through your organization s BlackBerry Enterprise Server and to prevent...

Page 218: ...s through your organization s BlackBerry Enterprise Server and to prevent a user from sending email messages using other email message services This rule does not prevent a user from receiving email m...

Page 219: ...BlackBerry devices application the Google Talk for BlackBerry devices icon remains on the Home screen If a user tries to sign into the application a message appears indicating that the application ca...

Page 220: ...y device configure the Allow Public Yahoo Messenger Services IT policy rule Minimum requirements BlackBerry Application Suite version 1 0 BlackBerry Enterprise Server version 4 0 SP4 Allow Public WLM...

Page 221: ...ronize contacts with the network address book Usage Change the value of this rule to Enabled to permit a user to synchronize contacts with the network address book If your organization uses T Mobile a...

Page 222: ...erprise Server version 4 0 SP3 Disable SIM Call Control IT policy rule Description This rule specifies whether to prevent a SIM card from changing a call a supplementary service request or an SMS text...

Page 223: ...cy IT policy rule Description This rule specifies whether smart dialing for VoIP calls is available on a BlackBerry device Default setting The default setting is Yes Usage This rule is obsolete in Bla...

Page 224: ...y Code IT policy rule Description This rule specifies the local country code for phone numbers Default value The default value is a null value Usage This rule is obsolete in BlackBerry Enterprise Serv...

Page 225: ...BlackBerry Enterprise Server version 4 0 SP1 Smart Dialing Allow Device Changes IT policy rule Description This rule specifies whether a BlackBerry device user can change the smart dialing options Def...

Page 226: ...ftware version 4 0 BlackBerry Enterprise Server version 4 0 TCP Password IT policy rule Description This rule specifies whether a default APN password must be used when a BlackBerry device uses TCP Th...

Page 227: ...on This rule specifies whether a BlackBerry device and the BlackBerry Enterprise Server can use proxy mode TLS or proxy mode HTTPS Default value The default value is No Usage If you change this rule t...

Page 228: ...servers Default value The default value is Prompt user on BlackBerry device Minimum requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Connect version 4 0 B...

Page 229: ...nimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device the BlackBerry device continues to prompt the user to trust every secure web site that...

Page 230: ...ts If you configure the minimum key size on the BlackBerry Enterprise Server to 1024 bits the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its...

Page 231: ...default value on the BlackBerry Enterprise Server is 512 bits Usage If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry d...

Page 232: ...whether a BlackBerry device can use an algorithm with TLS that is not FIPS compliant Default value The default value is No Usage By default if you configure the FIPS Level IT policy rule to Level 2 a...

Page 233: ...llow Users to Save Messages IT policy rule Description This rule specifies whether a BlackBerry device user can use visual voice mail to save or forward voice mail messages Default value The default v...

Page 234: ...exity IT policy rule Description This rule specifies the minimum password length that a BlackBerry device user is required to type to access the TUI The permitted range is 0 to 16 digits Default value...

Page 235: ...ackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 SP1 Disable VoIP User Profiles IT policy rule Description This rule specifies whether a user can create VoIP profiles on a...

Page 236: ...BlackBerry Enterprise Server version 4 0 SP1 SIP Domain IT policy rule Description This rule specifies the SIP domain where the SIP user ID is valid Default value The default value is a null value Us...

Page 237: ...IP realm value on a BlackBerry device must be the same as the SIP realm value that you specified on the SIP server This rule is made obsolete by BlackBerry Mobile Voice System Minimum requirements Jav...

Page 238: ...uirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 SP1 SIP Server Name IT policy rule Description This rule specifies the name or IP...

Page 239: ...version 4 0 SP1 SIP Server Transport IT policy rule Description This rule specifies the transport protocol that your organization s SIP server uses Default value The default value is UDP Usage Change...

Page 240: ...his rule is made obsolete by BlackBerry Mobile Voice System Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 SP1 SIP Us...

Page 241: ...te or delete the value To retain the value on the BlackBerry device verify that the updated IT policy uses the same value as this rule This rule is made obsolete by BlackBerry Mobile Voice System Mini...

Page 242: ...e obsolete by BlackBerry Mobile Voice System Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 SP1 VoIP Enable Attended...

Page 243: ...ifies whether a user can perform an unattended transfer to a VoIP call where the original call ends automatically when the user that transfers the call dials the transfer number on a BlackBerry device...

Page 244: ...e might not be able to use a Wi Fi network that requires VPN access or it might require an alternative form of access control Usage Change this rule to Yes to require that a BlackBerry device use VPN...

Page 245: ...kBerry device This rule is obsolete in BlackBerry Enterprise Server version 4 1 SP3 and later Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterp...

Page 246: ...r version 4 1 SP3 VPN DNS Configuration IT policy rule Description This rule specifies your organization s VPN DNS configuration Default value The default value is Yes A BlackBerry device retrieves DN...

Page 247: ...specifies the IP address or FQDN of your organization s VPN server Default value The default value is a null value Minimum requirements Java based BlackBerry device BlackBerry Device Software version...

Page 248: ...rule Description This rule specifies the encryption algorithm that a BlackBerry device uses to authenticate the IKE exchanges Default value The default value is AES 128 Usage Change the value only if...

Page 249: ...only if the hash method authentication code does not support SHA 1 160 bits Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server versi...

Page 250: ...you change this rule to Medium security a BlackBerry device prompts the user for the key store password the first time only and from that point forward only prompts the user again after the user rese...

Page 251: ...T policy rule Description This rule specifies whether Perfect Forward Secrecy is turned on for a BlackBerry device Default value The default value is Yes Usage Change the value only if your organizati...

Page 252: ...m requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 SP1 VPN User Name IT policy rule Description This rule specifies the default...

Page 253: ...evice verify that the updated rule uses the same value as this rule Dependencies You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule Minimum requirements...

Page 254: ...BlackBerry Internet Service The previous name of this rule was BlackBerry Infrastructure WLAN Access Mode Default value The default value is Access does not require VPN A BlackBerry device can bypass...

Page 255: ...ether to prevent a BlackBerry device user from adding Wi Fi profiles for SSIDs that you specify to a BlackBerry device The previous name of this rule was Blocked WLAN SSIDs Default value The default v...

Page 256: ...irements Java based BlackBerry device BlackBerry Device Software version 4 2 1 BlackBerry Enterprise Server version 4 1 SP3 Disable GAN Selection Mode Editing IT policy rule Description This rule spec...

Page 257: ...s whether a user can select the WAN preferred mode from the list of GAN selection modes on a BlackBerry device Default value The default value is No Usage Change this rule to Yes to prevent a user fro...

Page 258: ...ry depending on which mobile network provider a BlackBerry device is using Usage Configure this rule to Yes to deny a BlackBerry device access to the BlackBerry Enterprise Server over a Wi Fi network...

Page 259: ...Java based BlackBerry device BlackBerry Device Software version 4 2 1 BlackBerry Enterprise Server version 4 1 SP3 GAN Signal Strength Threshold IT policy rule Description This rule specifies the sign...

Page 260: ...e GAN mode if the Wi Fi signal quality is high or medium If you choose High a BlackBerry device uses the GAN mode only if the Wi Fi signal quality is high Minimum requirements Java based BlackBerry de...

Page 261: ...configure the value for the Wi Fi DHCP Configuration IT policy rule to Yes do not change the value for this rule to Yes Minimum requirements Java based BlackBerry device BlackBerry Device Software ve...

Page 262: ...s Re Entry IT policy rule Description This rule specifies whether a BlackBerry device turns off the prompt for a user to re enter the Wi Fi credentials after authentication is not successful The previ...

Page 263: ...was WLAN IP Address Default value The default value is a null value Usage A BlackBerry device uses this rule only if you change the Wi Fi DHCP Configuration IT policy rule to No Dependencies If you ch...

Page 264: ...a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages After the BlackBerry device retrieves the private key the BlackBerry device...

Page 265: ...ork The previous name of this rule was WLAN Preshared Key Default value The default value is a null value Dependencies A BlackBerry device uses this rule only if you configure the Wi Fi Link Security...

Page 266: ...ward Wi Fi profiles Dependencies A user can forward a Wi Fi profile using a PIN message only if you change the Allow Peer to Peer Messages IT policy rule to Yes and the Firewall Block Incoming Message...

Page 267: ...e this rule to Yes Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 SP1 Wi Fi SSID IT policy rule Description This rule...

Page 268: ...rry Enterprise Server version 4 0 SP1 Wi Fi User Name IT policy rule Description This rule specifies the user name for PEAP or LEAP security access on a BlackBerry device The previous name of this rul...

Page 269: ...me value as the IT policy on the BlackBerry device Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 SP1 Wi Fi WEP Key 1...

Page 270: ...ersion 4 0 BlackBerry Enterprise Server version 4 0 SP1 Wi Fi WEP Key 3 IT policy rule Description This rule specifies the password for WEP key 3 using the format xx xx xx xx xx The previous name of t...

Page 271: ...ftware Updates policy group apply to the BlackBerry Device Software update process when a user connects a BlackBerry device to a computer Allow Web Based Software Loading IT policy rule Description Th...

Page 272: ...e Software version 5 0 BlackBerry Enterprise Server version 5 0 SP1 Wireless Software Upgrades policy group Allow Non Enterprise Upgrade IT policy rule Description This rule specifies whether to permi...

Page 273: ...rule specifies whether to prevent a BlackBerry device user from requesting available updates for the BlackBerry Device Software over the wireless network Default value The default value is No Usage Th...

Page 274: ...sion 4 5 BlackBerry Enterprise Server version 4 1 SP4 Disallow Patch Download Over WAN IT policy rule Description This rule specifies whether to prevent a BlackBerry device from downloading updates fo...

Page 275: ...ser from connecting to WTLS servers that have invalid certificates change this rule to Disable invalid connections If you want to permit a BlackBerry device user to connect to WTLS servers that have i...

Page 276: ...ule Description This rule specifies whether to prevent a BlackBerry device from using weak algorithms over WTLS connections Default value The default value is Prompt user on BlackBerry device Usage If...

Page 277: ...ise Server to 2048 bits the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 2048 bits This rule is obsolete in...

Page 278: ...default value on the BlackBerry Enterprise Server is 512 bits Usage If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry de...

Page 279: ...y default if you configure the FIPS Level IT policy rule to 2 a BlackBerry device ignores this rule and uses only algorithms that are FIPS compliant Minimum requirements Java based BlackBerry device B...

Page 280: ...Software version 4 0 0 BlackBerry Enterprise Server version 4 0 SP1 SIP Authentication ID configuration setting Description This setting specifies the SIP authentication ID that a BlackBerry device u...

Page 281: ...n This setting specifies the network port number that a BlackBerry device listens for incoming SIP messages on Default value The default value is 5060 Usage This setting is made obsolete by the BlackB...

Page 282: ...before the SIP registration process expires Default value The default value is 25 minutes Usage This setting is made obsolete by the BlackBerry Mobile Voice System Minimum requirements Java based Blac...

Page 283: ...onfiguration setting Description This setting specifies the port number on your organization s SIP proxy server that the SIP proxy server uses to make network connections The permitted range is 0 to 6...

Page 284: ...of SIP proxy server that a BlackBerry device can connect to Default value The default value is Generic SIP Usage Change this setting only if the SIP proxy server is not generic This setting is made o...

Page 285: ...ainthevaluethattheusertypesontheBlackBerrydevice verifythattheupdatedITpolicyusesthesamevalueasthissetting This setting is made obsolete by the BlackBerry Mobile Voice System Minimum requirements Java...

Page 286: ...setting Description This setting specifies the emergency number that a BlackBerry device can use on your organization s network Default value The default value is 911 Usage Two versions of this settin...

Page 287: ...he BlackBerry Mobile Voice System Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 0 BlackBerry Enterprise Server version 4 0 SP1 VoIP Enable Call Hold configur...

Page 288: ...VPN configuration setting Description This setting specifies whether the VPN client on a BlackBerry device is turned on Default value The default value is No The BlackBerry device might not be able t...

Page 289: ...tificates to authenticate to your organization s VPN gateway Default value The default value is No Usage You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use...

Page 290: ...e Validation configuration setting Description This setting specifies whether a BlackBerry device requires a certificate to authenticate with VPN gateways that support PKI based authentication using c...

Page 291: ...uration setting Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 0 BlackBerry Enterprise Server version 4 1 SP2 VPN Domain Name configuration setting Descriptio...

Page 292: ...on s VPN server only if the type of VPN client requires it Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 0 BlackBerry Enterprise Server version 4 1 SP2 VPN G...

Page 293: ...ise Server version 4 1 SP3 VPN IKE Cipher configuration setting Description This setting specifies the encryption algorithm that a BlackBerry device uses to authenticate IKE exchanges Default value Th...

Page 294: ...ntication code that a BlackBerry device can use Default value The default value is SHA 1 160 bits Usage Change this setting only if the hash method authentication code does not support SHA 1 160 bits...

Page 295: ...or the key store password The BlackBerry device retrieves and stores in unencrypted format the private key with the VPN profile Usage If you change this setting to High security a BlackBerry device al...

Page 296: ...0 BlackBerry Enterprise Server version 4 1 SP2 VPN PFS configuration setting Description This setting specifies whether PFS is turned on for a BlackBerry device Default value The default value is Yes...

Page 297: ...default value is Full Visibility A user can view all the configuration settings of the VPN profile Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 1 BlackBerry...

Page 298: ...etting The default value is 0 Dependencies If you change this setting you must also change the VPN DNS configuration setting to No and the Enable VPN configuration setting to Yes Minimum requirements...

Page 299: ...nable VPN configuration setting to Yes so that a BlackBerry device can use this setting Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 0 BlackBerry Enterprise...

Page 300: ...o Yes so that a BlackBerry device can use this configuration setting Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 0 BlackBerry Enterprise Server version 4 1...

Page 301: ...an assign the Wi Fi profile to a user account and send the profile to a BlackBerry device Minimum requirements Java based BlackBerry device BlackBerry Device Software version 5 0 BlackBerry Enterprise...

Page 302: ...i network Change this setting to No to prevent handovers between access points Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 1 BlackBerry Enterprise Server v...

Page 303: ...ise Server version 4 1 SP3 Wi Fi Band Type configuration setting Description This setting specifies one or more band types that you configure the wireless access points of a specific SSID to operate o...

Page 304: ...ss mode for a specific Wi Fi network and the IT policy rule to configure the access mode for other Wi Fi networks If you turn off access to the BlackBerry Infrastructure over a Wi Fi network using the...

Page 305: ...ork configuration Default value The default value is Yes DHCP is turned on Usage If your organization uses a Wi Fi network that includes subnets turn on DHCP to permit roaming between subnets Minimum...

Page 306: ...n ThissettingspecifiesthetypeofprovisioningmethodthataBlackBerry devicecanusewhenitauthenticatestoaWi Fi network using EAP FAST authentication with PAC Default value The default value is Anonymous The...

Page 307: ...in browser is available on a BlackBerry device Default value The default value is No Usage Change this setting to Yes to permit a user to log in to a captive portal using a BlackBerry device This sett...

Page 308: ...s the IP address for example 10 0 0 1 that a BlackBerry device can use if DHCP on the BlackBerry device is turned off Default value The default value is a null value Usage A BlackBerry device uses thi...

Page 309: ...e If you configure this setting to Medium security a BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messag...

Page 310: ...setting only if you change the Wi Fi DHCP Configuration configuration setting to No Dependencies If you configure the Wi Fi DHCP Configuration configuration setting to Yes do not change this setting t...

Page 311: ...ckBerry device displays only the profile name WhenyouconfigurethissettingtoCredentialsvisibility theBlackBerrydevicedisplaysonlytheprofilenameandlogininformation of the user Minimum requirements Java...

Page 312: ...sed BlackBerry device BlackBerry Device Software version 4 2 1 BlackBerry Enterprise Server version 4 1 SP3 Wi Fi Secondary DNS configuration setting Description This setting specifies the secondary D...

Page 313: ...ault value is a null value Usage If you do not specify the Subject field for a server certificate the BlackBerry device accepts any valid server certificate Minimum requirements Java based BlackBerry...

Page 314: ...to Yes do not change this setting to Yes Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 0 BlackBerry Enterprise Server version 4 1 SP2 Wi Fi Token Serial Numb...

Page 315: ...setting Description This setting specifies the password for PEAP or LEAP authentication on a BlackBerry device Default value The default value is a null value Usage Configure this setting if you want...

Page 316: ...her5or13pairsofhexadecimaldigits 0to9andAtoF thatyouseparatewithacolon forexample AB CD EF 01 23 or AB CD EF 01 23 45 67 89 AB CD EF 01 23 Minimum requirements Java based BlackBerry device BlackBerry...

Page 317: ...xx xx Default value The default value is null Usage Validvaluesareeither5or13pairsofhexadecimaldigits 0to9andAtoF thatyouseparatewithacolon forexample AB CD EF 01 23 or AB CD EF 01 23 45 67 89 AB CD E...

Page 318: ...um requirements Java based BlackBerry device BlackBerry Application Suite version 1 0 BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 Are External Network Connections A...

Page 319: ...s and access call logs on a BlackBerry device You can configure this rule to prevent an application from making calls on a device or to prompt a user whether the user wants to permit the call before t...

Page 320: ...ication to send all of a user s personal information from a BlackBerry device Default value The default value is Allowed Minimum requirements Java based BlackBerry device BlackBerry Application Suite...

Page 321: ...for Bluetooth API Allowed application control policy rule Description This rule specifies whether an application can access the Bluetooth SPP API Default value The default value is Allowed Dependenci...

Page 322: ...cess key store items that are stored at the medium security level The application must prompt a BlackBerry device user for the key store password when it tries to access the private key for the first...

Page 323: ...ations that are developed using the Plazmic Content Developer s Kit as themes on a BlackBerry device Default value The default value is Allowed Minimum requirements Java based BlackBerry device BlackB...

Page 324: ...This rule specifies whether an application can change configuration and user settings on a BlackBerry device Default value The default value is Allowed Minimum requirements Java based BlackBerry devic...

Page 325: ...er applications on a BlackBerry device Default value The default value is No Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 2 1 BlackBerry Enterprise Server ver...

Page 326: ...olicy rule Description This rule specifies the internal domain names that an application can establish a connection to Default value The default value is a null value Minimum requirements Java based B...

Page 327: ...ifywww google comandwww yahoo comasdomainsforwhichanapplicationcanuseabrowser filter for search engines Default value The default value is a null value Minimum requirements Java based BlackBerry devic...

Page 328: ...Optional Minimum requirements Java based BlackBerry device BlackBerry Device Software version 4 0 BlackBerry Enterprise Server version 4 0 Is Access to the Module Management API Allowed application c...

Page 329: ...FIPS compliance for the embedded cryptographic module that is required for basic operation of the BlackBerry device Control application installation and use on BlackBerry devices Prevent BlackBerry de...

Page 330: ...on secure passwords for example password usernames and organization s names Set Password Timeout 5 minutes User Can Change Timeout No Delete all user data on the BlackBerry device if the user types th...

Page 331: ...s permitted before the BlackBerry device locks Defining the encryption strength that the BlackBerry device uses to protect data Scenario Example IT policy rule Example value Protect user and applicati...

Page 332: ...sending SMS text messages Users can still receive SMS text messages Allow SMS No Prevent users from forwarding or replying to messages using a different BlackBerry Enterprise Server Disable Forwardin...

Page 333: ...d party Java application to create public external network connections and permit connections to external domains without prompting users for a password on their BlackBerry devices Are External Networ...

Page 334: ...le Required Remove a third party Java application from BlackBerry devices over the wireless network Disposition application control policy rule Required Prevent users from turning on a custom theme th...

Page 335: ...M value added applications if you want to remove the RIM value added applications from BlackBerry devices Configure the Disable RIM Value Added Applications IT policy rule to Yes ecommerce content opt...

Page 336: ...II American Standard Code for Information Interchange AVRCP Audio Video Remote Control Profile BCC blind carbon copy BlackBerry MDS BlackBerry Mobile Data System BSM browser session manager CAST Compu...

Page 337: ...Extensible Authentication Protocol Flexible Authentication via Secure Tunneling EAP TLS Extensible Authentication Protocol Transport Layer Security EAP TTLS Extensible Authentication Protocol Tunneled...

Page 338: ...change IMEI International Mobile Equipment Identity IOT interoperability test IP Internet Protocol IPSec Internet Protocol Security LEAP Lightweight Extensible Authentication Protocol LED light emitti...

Page 339: ...tected Extensible Authentication Protocol PFS Perfect Forward Secrecy PIM personal information management PIN personal identification number PKI Public Key Infrastructure PSK pre shared key RNG random...

Page 340: ...Service SPP Serial Port Profile SSID service set identifier TCP Transmission Control Protocol TLS Transport Layer Security TUI telephone UI UDP User Datagram Protocol UID unique identifier USB Univers...

Page 341: ...WAP Wireless Application Protocol WEP Wired Equivalent Privacy WLAN wireless local area network WTLS Wireless Transport Layer Security Policy Reference Guide Glossary 339...

Page 342: ...Provide feedback 7 To provide feedback on this deliverable visit www blackberry com docsfeedback Policy Reference Guide Provide feedback 340...

Page 343: ...for any typographical technical or other inaccuracies errors or omissions in this documentation In order to protect RIM proprietary and confidential information and or trade secrets this documentation...

Page 344: ...AL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN AND B TO RIM AND ITS AFFILIATED COMPANIES THEIR SUCCESSORS ASSIGNS AGENTS SUPPLIERS INCLUDING AIRTIME SERVICE PROVIDERS AUTHORIZED RIM DI...

Page 345: ...agreement with RIM applicable thereto NOTHINGINTHISDOCUMENTATIONISINTENDEDTOSUPERSEDEANYEXPRESSWRITTENAGREEMENTSORWARRANTIES PROVIDED BY RIM FOR PORTIONS OF ANY RIM PRODUCT OR SERVICE OTHER THAN THIS...

Reviews:

No comments

Related manuals for Enterprise Server 5.0 sp2

Crestron CRESTRON-APP-SSTV Operations & Installation Manual preview
CRESTRON-APP-SSTV
Brand: Crestron Pages: 28
Brocade Communications Systems VA-40FC Hardware Reference Manual preview
VA-40FC
Brand: Brocade Communications Systems Pages: 60
Model Technology Model Sim EE Start Here Manual preview
Model Sim EE
Brand: Model Technology Pages: 37
Seagate ST905003BPA1E1-RK - Maxtor BlackArmor 500 GB External Hard Drive Specifications preview
ST905003BPA1E1-RK - Maxtor BlackArmor 500 GB External Hard Drive
Brand: Seagate Pages: 2
AVG RESCUE CD - FOR WINDOWS V 85.2 User Manual preview
RESCUE CD - FOR WINDOWS V 85.2
Brand: AVG Pages: 83
AVG ANTI-VIRUS BUSINESS EDITION 2011 - REV 2011.01 User Manual preview
ANTI-VIRUS BUSINESS EDITION 2011 - REV 2011.01
Brand: AVG Pages: 128
UNIBLUE DriverScanner 2010 Product Manual preview
DriverScanner 2010
Brand: UNIBLUE Pages: 12
FieldServer FS-8700-40 Driver Manual preview
FS-8700-40
Brand: FieldServer Pages: 34
3M MicroTouch MT7 User Manual preview
MicroTouch MT7
Brand: 3M Pages: 57
Ubiquiti airVision User Manual preview
airVision
Brand: Ubiquiti Pages: 38
Autodesk 057B1-41A111-1001 - AutoCAD LT 2010 User Manual preview
057B1-41A111-1001 - AutoCAD LT 2010
Brand: Autodesk Pages: 574
Oce XMPie User Manual preview
XMPie
Brand: Oce Pages: 22
National Instruments Order Analysis Toolset User Manual preview
Order Analysis Toolset
Brand: National Instruments Pages: 63
IBM VIAVOICE 10-STANDARD EDITION User Manual preview
VIAVOICE 10-STANDARD EDITION
Brand: IBM Pages: 124
FARONICS INSIGHT - TEACHER Quick Start Manual preview
INSIGHT - TEACHER
Brand: FARONICS Pages: 9
UNIBLUE POWERSUITE 2010 - V1 Product Manual preview
POWERSUITE 2010 - V1
Brand: UNIBLUE Pages: 13
Asus Z87M-PLUS User Manual preview
Z87M-PLUS
Brand: Asus Pages: 164
Canon Viewer User Manual preview
Viewer
Brand: Canon Pages: 55

Brands by name

Popular brands

Load more brands